mirror of
https://github.com/postgres/postgres.git
synced 2025-07-28 23:42:10 +03:00
Remove configure switch --disable-strong-random
This removes a portion of infrastructure introduced by fe0a0b5 to allow
compilation of Postgres in environments where no strong random source is
available, meaning that there is no linking to OpenSSL and no
/dev/urandom (Windows having its own CryptoAPI). No systems shipped
this century lack /dev/urandom, and the buildfarm is actually not
testing this switch at all, so just remove it. This simplifies
particularly some backend code which included a fallback implementation
using shared memory, and removes a set of alternate regression output
files from pgcrypto.
Author: Michael Paquier
Reviewed-by: Tom Lane
Discussion: https://postgr.es/m/20181230063219.GG608@paquier.xyz
This commit is contained in:
Michael Paquier
@ -1,42 +0,0 @@
|
||||
--
|
||||
-- PGP compression support
|
||||
--
|
||||
select pgp_sym_decrypt(dearmor('
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
ww0ECQMCsci6AdHnELlh0kQB4jFcVwHMJg0Bulop7m3Mi36s15TAhBo0AnzIrRFrdLVCkKohsS6+
|
||||
DMcmR53SXfLoDJOv/M8uKj3QSq7oWNIp95pxfA==
|
||||
=tbSn
|
||||
-----END PGP MESSAGE-----
|
||||
'), 'key', 'expect-compress-algo=1');
|
||||
pgp_sym_decrypt
|
||||
-----------------
|
||||
Secret message
|
||||
(1 row)
|
||||
|
||||
select pgp_sym_decrypt(
|
||||
pgp_sym_encrypt('Secret message', 'key', 'compress-algo=0'),
|
||||
'key', 'expect-compress-algo=0');
|
||||
ERROR: generating random data is not supported by this build
|
||||
DETAIL: This functionality requires a source of strong random numbers.
|
||||
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
|
||||
select pgp_sym_decrypt(
|
||||
pgp_sym_encrypt('Secret message', 'key', 'compress-algo=1'),
|
||||
'key', 'expect-compress-algo=1');
|
||||
ERROR: generating random data is not supported by this build
|
||||
DETAIL: This functionality requires a source of strong random numbers.
|
||||
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
|
||||
select pgp_sym_decrypt(
|
||||
pgp_sym_encrypt('Secret message', 'key', 'compress-algo=2'),
|
||||
'key', 'expect-compress-algo=2');
|
||||
ERROR: generating random data is not supported by this build
|
||||
DETAIL: This functionality requires a source of strong random numbers.
|
||||
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
|
||||
-- level=0 should turn compression off
|
||||
select pgp_sym_decrypt(
|
||||
pgp_sym_encrypt('Secret message', 'key',
|
||||
'compress-algo=2, compress-level=0'),
|
||||
'key', 'expect-compress-algo=0');
|
||||
ERROR: generating random data is not supported by this build
|
||||
DETAIL: This functionality requires a source of strong random numbers.
|
||||
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
|
||||
@ -1,424 +0,0 @@
|
||||
--
|
||||
-- pgp_descrypt tests
|
||||
--
|
||||
-- Checking ciphers
|
||||
select pgp_sym_decrypt(dearmor('
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
Comment: dat1.blowfish.sha1.mdc.s2k3.z0
|
||||
|
||||
jA0EBAMCfFNwxnvodX9g0jwB4n4s26/g5VmKzVab1bX1SmwY7gvgvlWdF3jKisvS
|
||||
yA6Ce1QTMK3KdL2MPfamsTUSAML8huCJMwYQFfE=
|
||||
=JcP+
|
||||
-----END PGP MESSAGE-----
|
||||
'), 'foobar');
|
||||
pgp_sym_decrypt
|
||||
-----------------
|
||||
Secret message.
|
||||
(1 row)
|
||||
|
||||
select pgp_sym_decrypt(dearmor('
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
Comment: dat1.aes.sha1.mdc.s2k3.z0
|
||||
|
||||
jA0EBwMCci97v0Q6Z0Zg0kQBsVf5Oe3iC+FBzUmuMV9KxmAyOMyjCc/5i8f1Eest
|
||||
UTAsG35A1vYs02VARKzGz6xI2UHwFUirP+brPBg3Ee7muOx8pA==
|
||||
=XtrP
|
||||
-----END PGP MESSAGE-----
|
||||
'), 'foobar');
|
||||
pgp_sym_decrypt
|
||||
-----------------
|
||||
Secret message.
|
||||
(1 row)
|
||||
|
||||
select pgp_sym_decrypt(dearmor('
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
Comment: dat1.aes192.sha1.mdc.s2k3.z0
|
||||
|
||||
jA0ECAMCI7YQpWqp3D1g0kQBCjB7GlX7+SQeXNleXeXQ78ZAPNliquGDq9u378zI
|
||||
5FPTqAhIB2/2fjY8QEIs1ai00qphjX2NitxV/3Wn+6dufB4Q4g==
|
||||
=rCZt
|
||||
-----END PGP MESSAGE-----
|
||||
'), 'foobar');
|
||||
pgp_sym_decrypt
|
||||
-----------------
|
||||
Secret message.
|
||||
(1 row)
|
||||
|
||||
select pgp_sym_decrypt(dearmor('
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
Comment: dat1.aes256.sha1.mdc.s2k3.z0
|
||||
|
||||
jA0ECQMC4f/5djqCC1Rg0kQBTHEPsD+Sw7biBsM2er3vKyGPAQkuTBGKC5ie7hT/
|
||||
lceMfQdbAg6oTFyJpk/wH18GzRDphCofg0X8uLgkAKMrpcmgog==
|
||||
=fB6S
|
||||
-----END PGP MESSAGE-----
|
||||
'), 'foobar');
|
||||
pgp_sym_decrypt
|
||||
-----------------
|
||||
Secret message.
|
||||
(1 row)
|
||||
|
||||
-- Checking MDC modes
|
||||
select pgp_sym_decrypt(dearmor('
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
Comment: dat1.aes.sha1.nomdc.s2k3.z0
|
||||
|
||||
jA0EBwMCnv07rlXqWctgyS2Dm2JfOKCRL4sLSLJUC8RS2cH7cIhKSuLitOtyquB+
|
||||
u9YkgfJfsuRJmgQ9tmo=
|
||||
=60ui
|
||||
-----END PGP MESSAGE-----
|
||||
'), 'foobar');
|
||||
pgp_sym_decrypt
|
||||
-----------------
|
||||
Secret message.
|
||||
(1 row)
|
||||
|
||||
select pgp_sym_decrypt(dearmor('
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
Comment: dat1.aes.sha1.mdc.s2k3.z0
|
||||
|
||||
jA0EBwMCEeP3idNjQ1Bg0kQBf4G0wX+2QNzLh2YNwYkQgQkfYhn/hLXjV4nK9nsE
|
||||
8Ex1Dsdt5UPvOz8W8VKQRS6loOfOe+yyXil8W3IYFwUpdDUi+Q==
|
||||
=moGf
|
||||
-----END PGP MESSAGE-----
|
||||
'), 'foobar');
|
||||
pgp_sym_decrypt
|
||||
-----------------
|
||||
Secret message.
|
||||
(1 row)
|
||||
|
||||
-- Checking hashes
|
||||
select pgp_sym_decrypt(dearmor('
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
Comment: dat1.aes.md5.mdc.s2k3.z0
|
||||
|
||||
jA0EBwMClrXXtOXetohg0kQBn0Kl1ymevQZRHkdoYRHgzCwSQEiss7zYff2UNzgO
|
||||
KyRrHf7zEBuZiZ2AG34jNVMOLToj1jJUg5zTSdecUzQVCykWTA==
|
||||
=NyLk
|
||||
-----END PGP MESSAGE-----
|
||||
'), 'foobar');
|
||||
pgp_sym_decrypt
|
||||
-----------------
|
||||
Secret message.
|
||||
(1 row)
|
||||
|
||||
select pgp_sym_decrypt(dearmor('
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
Comment: dat1.aes.sha1.mdc.s2k3.z0
|
||||
|
||||
jA0EBwMCApbdlrURoWJg0kQBzHM/E0o7djY82bNuspjxjAcPFrrtp0uvDdMQ4z2m
|
||||
/PM8jhgI5vxFYfNQjLl8y3fHYIomk9YflN9K/Q13iq8A8sjeTw==
|
||||
=FxbQ
|
||||
-----END PGP MESSAGE-----
|
||||
'), 'foobar');
|
||||
pgp_sym_decrypt
|
||||
-----------------
|
||||
Secret message.
|
||||
(1 row)
|
||||
|
||||
-- Checking S2K modes
|
||||
select pgp_sym_decrypt(dearmor('
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
Comment: dat1.aes.sha1.mdc.s2k0.z0
|
||||
|
||||
jAQEBwAC0kQBKTaLAKE3xzps+QIZowqRNb2eAdzBw2LxEW2YD5PgNlbhJdGg+dvw
|
||||
Ah9GXjGS1TVALzTImJbz1uHUZRfhJlFbc5yGQw==
|
||||
=YvkV
|
||||
-----END PGP MESSAGE-----
|
||||
'), 'foobar');
|
||||
pgp_sym_decrypt
|
||||
-----------------
|
||||
Secret message.
|
||||
(1 row)
|
||||
|
||||
select pgp_sym_decrypt(dearmor('
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
Comment: dat1.aes.sha1.mdc.s2k1.z0
|
||||
|
||||
jAwEBwEC/QTByBLI3b/SRAHPxKzI6SZBo5lAEOD+EsvKQWO4adL9tDY+++Iqy1xK
|
||||
4IaWXVKEj9R2Lr2xntWWMGZtcKtjD2lFFRXXd9dZp1ZThNDz
|
||||
=dbXm
|
||||
-----END PGP MESSAGE-----
|
||||
'), 'foobar');
|
||||
pgp_sym_decrypt
|
||||
-----------------
|
||||
Secret message.
|
||||
(1 row)
|
||||
|
||||
select pgp_sym_decrypt(dearmor('
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
Comment: dat1.aes.sha1.mdc.s2k3.z0
|
||||
|
||||
jA0EBwMCEq4Su3ZqNEJg0kQB4QG5jBTKF0i04xtH+avzmLhstBNRxvV3nsmB3cwl
|
||||
z+9ZaA/XdSx5ZiFnMym8P6r8uY9rLjjNptvvRHlxIReF+p9MNg==
|
||||
=VJKg
|
||||
-----END PGP MESSAGE-----
|
||||
'), 'foobar');
|
||||
pgp_sym_decrypt
|
||||
-----------------
|
||||
Secret message.
|
||||
(1 row)
|
||||
|
||||
select pgp_sym_decrypt(dearmor('
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
Comment: dat1.aes192.sha1.mdc.s2k0.z0
|
||||
|
||||
jAQECAAC0kQBBDnQWkgsx9YFaqDfWmpsiyAJ6y2xG/sBvap1dySYEMuZ+wJTXQ9E
|
||||
Cr3i2M7TgVZ0M4jp4QL0adG1lpN5iK7aQeOwMw==
|
||||
=cg+i
|
||||
-----END PGP MESSAGE-----
|
||||
'), 'foobar');
|
||||
pgp_sym_decrypt
|
||||
-----------------
|
||||
Secret message.
|
||||
(1 row)
|
||||
|
||||
select pgp_sym_decrypt(dearmor('
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
Comment: dat1.aes192.sha1.mdc.s2k1.z0
|
||||
|
||||
jAwECAECruOfyNDFiTnSRAEVoGXm4A9UZKkWljdzjEO/iaE7mIraltIpQMkiqCh9
|
||||
7h8uZ2u9uRBOv222fZodGvc6bvq/4R4hAa/6qSHtm8mdmvGt
|
||||
=aHmC
|
||||
-----END PGP MESSAGE-----
|
||||
'), 'foobar');
|
||||
pgp_sym_decrypt
|
||||
-----------------
|
||||
Secret message.
|
||||
(1 row)
|
||||
|
||||
select pgp_sym_decrypt(dearmor('
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
Comment: dat1.aes192.sha1.mdc.s2k3.z0
|
||||
|
||||
jA0ECAMCjFn6SRi3SONg0kQBqtSHPaD0m7rXfDAhCWU/ypAsI93GuHGRyM99cvMv
|
||||
q6eF6859ZVnli3BFSDSk3a4e/pXhglxmDYCfjAXkozKNYLo6yw==
|
||||
=K0LS
|
||||
-----END PGP MESSAGE-----
|
||||
'), 'foobar');
|
||||
pgp_sym_decrypt
|
||||
-----------------
|
||||
Secret message.
|
||||
(1 row)
|
||||
|
||||
select pgp_sym_decrypt(dearmor('
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
Comment: dat1.aes256.sha1.mdc.s2k0.z0
|
||||
|
||||
jAQECQAC0kQB4L1eMbani07XF2ZYiXNK9LW3v8w41oUPl7dStmrJPQFwsdxmrDHu
|
||||
rQr3WbdKdY9ufjOE5+mXI+EFkSPrF9rL9NCq6w==
|
||||
=RGts
|
||||
-----END PGP MESSAGE-----
|
||||
'), 'foobar');
|
||||
pgp_sym_decrypt
|
||||
-----------------
|
||||
Secret message.
|
||||
(1 row)
|
||||
|
||||
select pgp_sym_decrypt(dearmor('
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
Comment: dat1.aes256.sha1.mdc.s2k1.z0
|
||||
|
||||
jAwECQECKHhrou7ZOIXSRAHWIVP+xjVQcjAVBTt+qh9SNzYe248xFTwozkwev3mO
|
||||
+KVJW0qhk0An+Y2KF99/bYFl9cL5D3Tl43fC8fXGl3x3m7pR
|
||||
=SUrU
|
||||
-----END PGP MESSAGE-----
|
||||
'), 'foobar');
|
||||
pgp_sym_decrypt
|
||||
-----------------
|
||||
Secret message.
|
||||
(1 row)
|
||||
|
||||
select pgp_sym_decrypt(dearmor('
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
Comment: dat1.aes256.sha1.mdc.s2k3.z0
|
||||
|
||||
jA0ECQMCjc8lwZu8Fz1g0kQBkEzjImi21liep5jj+3dAJ2aZFfUkohi8b3n9z+7+
|
||||
4+NRzL7cMW2RLAFnJbiqXDlRHMwleeuLN1up2WIxsxtYYuaBjA==
|
||||
=XZrG
|
||||
-----END PGP MESSAGE-----
|
||||
'), 'foobar');
|
||||
pgp_sym_decrypt
|
||||
-----------------
|
||||
Secret message.
|
||||
(1 row)
|
||||
|
||||
-- Checking longer passwords
|
||||
select pgp_sym_decrypt(dearmor('
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
Comment: dat1.aes.sha1.mdc.s2k3.z0
|
||||
|
||||
jA0EBwMCx6dBiuqrYNRg0kQBEo63AvA1SCslxP7ayanLf1H0/hlk2nONVhTwVEWi
|
||||
tTGup1mMz6Cfh1uDRErUuXpx9A0gdMu7zX0o5XjrL7WGDAZdSw==
|
||||
=XKKG
|
||||
-----END PGP MESSAGE-----
|
||||
'), '0123456789abcdefghij');
|
||||
pgp_sym_decrypt
|
||||
-----------------
|
||||
Secret message.
|
||||
(1 row)
|
||||
|
||||
select pgp_sym_decrypt(dearmor('
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
Comment: dat1.aes.sha1.mdc.s2k3.z0
|
||||
|
||||
jA0EBwMCBDvYuS990iFg0kQBW31UK5OiCjWf5x6KJ8qNNT2HZWQCjCBZMU0XsOC6
|
||||
CMxFKadf144H/vpoV9GA0f22keQgCl0EsTE4V4lweVOPTKCMJg==
|
||||
=gWDh
|
||||
-----END PGP MESSAGE-----
|
||||
'), '0123456789abcdefghij2jk4h5g2j54khg23h54g2kh54g2khj54g23hj54');
|
||||
pgp_sym_decrypt
|
||||
-----------------
|
||||
Secret message.
|
||||
(1 row)
|
||||
|
||||
select pgp_sym_decrypt(dearmor('
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
Comment: dat1.aes.sha1.mdc.s2k3.z0
|
||||
|
||||
jA0EBwMCqXbFafC+ofVg0kQBejyiPqH0QMERVGfmPOjtAxvyG5KDIJPYojTgVSDt
|
||||
FwsDabdQUz5O7bgNSnxfmyw1OifGF+W2bIn/8W+0rDf8u3+O+Q==
|
||||
=OxOF
|
||||
-----END PGP MESSAGE-----
|
||||
'), 'x');
|
||||
pgp_sym_decrypt
|
||||
-----------------
|
||||
Secret message.
|
||||
(1 row)
|
||||
|
||||
-- Checking various data
|
||||
select encode(digest(pgp_sym_decrypt(dearmor('
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
Comment: dat1.aes.sha1.mdc.s2k3.z0
|
||||
|
||||
jA0EBwMCGJ+SpuOysINg0kQBJfSjzsW0x4OVcAyr17O7FBvMTwIGeGcJd99oTQU8
|
||||
Xtx3kDqnhUq9Z1fS3qPbi5iNP2A9NxOBxPWz2JzxhydANlgbxg==
|
||||
=W/ik
|
||||
-----END PGP MESSAGE-----
|
||||
'), '0123456789abcdefghij'), 'sha1'), 'hex');
|
||||
encode
|
||||
------------------------------------------
|
||||
0225e3ede6f2587b076d021a189ff60aad67e066
|
||||
(1 row)
|
||||
|
||||
-- expected: 0225e3ede6f2587b076d021a189ff60aad67e066
|
||||
select encode(digest(pgp_sym_decrypt(dearmor('
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
Comment: dat2.aes.sha1.mdc.s2k3.z0
|
||||
|
||||
jA0EBwMCvdpDvidNzMxg0jUBvj8eS2+1t/9/zgemxvhtc0fvdKGGbjH7dleaTJRB
|
||||
SaV9L04ky1qECNDx3XjnoKLC+H7IOQ==
|
||||
=Fxen
|
||||
-----END PGP MESSAGE-----
|
||||
'), '0123456789abcdefghij'), 'sha1'), 'hex');
|
||||
encode
|
||||
------------------------------------------
|
||||
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
||||
(1 row)
|
||||
|
||||
-- expected: da39a3ee5e6b4b0d3255bfef95601890afd80709
|
||||
select encode(digest(pgp_sym_decrypt(dearmor('
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
Comment: dat3.aes.sha1.mdc.s2k3.z0
|
||||
|
||||
jA0EBwMCxQvxJZ3G/HRg0lgBeYmTa7/uDAjPyFwSX4CYBgpZWVn/JS8JzILrcWF8
|
||||
gFnkUKIE0PSaYFp+Yi1VlRfUtRQ/X/LYNGa7tWZS+4VQajz2Xtz4vUeAEiYFYPXk
|
||||
73Hb8m1yRhQK
|
||||
=ivrD
|
||||
-----END PGP MESSAGE-----
|
||||
'), '0123456789abcdefghij'), 'sha1'), 'hex');
|
||||
encode
|
||||
------------------------------------------
|
||||
5e5c135efc0dd00633efc6dfd6e731ea408a5b4c
|
||||
(1 row)
|
||||
|
||||
-- expected: 5e5c135efc0dd00633efc6dfd6e731ea408a5b4c
|
||||
-- Checking CRLF
|
||||
select encode(digest(pgp_sym_decrypt(dearmor('
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
Comment: crlf mess
|
||||
|
||||
ww0ECQMCt7VAtby6l4Bi0lgB5KMIZiiF/b3CfMfUyY0eDncsGXtkbu1X+l9brjpMP8eJnY79Amms
|
||||
a3nsOzKTXUfS9VyaXo8IrncM6n7fdaXpwba/3tNsAhJG4lDv1k4g9v8Ix2dfv6Rs
|
||||
=mBP9
|
||||
-----END PGP MESSAGE-----
|
||||
'), 'key', 'convert-crlf=0'), 'sha1'), 'hex');
|
||||
encode
|
||||
------------------------------------------
|
||||
9353062be7720f1446d30b9e75573a4833886784
|
||||
(1 row)
|
||||
|
||||
-- expected: 9353062be7720f1446d30b9e75573a4833886784
|
||||
select encode(digest(pgp_sym_decrypt(dearmor('
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
Comment: crlf mess
|
||||
|
||||
ww0ECQMCt7VAtby6l4Bi0lgB5KMIZiiF/b3CfMfUyY0eDncsGXtkbu1X+l9brjpMP8eJnY79Amms
|
||||
a3nsOzKTXUfS9VyaXo8IrncM6n7fdaXpwba/3tNsAhJG4lDv1k4g9v8Ix2dfv6Rs
|
||||
=mBP9
|
||||
-----END PGP MESSAGE-----
|
||||
'), 'key', 'convert-crlf=1'), 'sha1'), 'hex');
|
||||
encode
|
||||
------------------------------------------
|
||||
7efefcab38467f7484d6fa43dc86cf5281bd78e2
|
||||
(1 row)
|
||||
|
||||
-- expected: 7efefcab38467f7484d6fa43dc86cf5281bd78e2
|
||||
-- check BUG #11905, problem with messages 6 less than a power of 2.
|
||||
select pgp_sym_decrypt(pgp_sym_encrypt(repeat('x',65530),'1'),'1') = repeat('x',65530);
|
||||
ERROR: generating random data is not supported by this build
|
||||
DETAIL: This functionality requires a source of strong random numbers.
|
||||
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
|
||||
-- expected: true
|
||||
-- Negative tests
|
||||
-- Decryption with a certain incorrect key yields an apparent Literal Data
|
||||
-- packet reporting its content to be binary data. Ciphertext source:
|
||||
-- iterative pgp_sym_encrypt('secret', 'key') until the random prefix gave
|
||||
-- rise to that property.
|
||||
select pgp_sym_decrypt(dearmor('
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
ww0EBwMCxf8PTrQBmJdl0jcB6y2joE7GSLKRv7trbNsF5Z8ou5NISLUg31llVH/S0B2wl4bvzZjV
|
||||
VsxxqLSPzNLAeIspJk5G
|
||||
=mSd/
|
||||
-----END PGP MESSAGE-----
|
||||
'), 'wrong-key', 'debug=1');
|
||||
NOTICE: dbg: prefix_init: corrupt prefix
|
||||
NOTICE: dbg: parse_literal_data: data type=b
|
||||
NOTICE: dbg: mdcbuf_finish: bad MDC pkt hdr
|
||||
ERROR: Wrong key or corrupt data
|
||||
-- Routine text/binary mismatch.
|
||||
select pgp_sym_decrypt(pgp_sym_encrypt_bytea('P', 'key'), 'key', 'debug=1');
|
||||
ERROR: generating random data is not supported by this build
|
||||
DETAIL: This functionality requires a source of strong random numbers.
|
||||
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
|
||||
-- Decryption with a certain incorrect key yields an apparent BZip2-compressed
|
||||
-- plaintext. Ciphertext source: iterative pgp_sym_encrypt('secret', 'key')
|
||||
-- until the random prefix gave rise to that property.
|
||||
select pgp_sym_decrypt(dearmor('
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
ww0EBwMC9rK/dMkF5Zlt0jcBlzAQ1mQY2qYbKYbw8h3EZ5Jk0K2IiY92R82TRhWzBIF/8cmXDPtP
|
||||
GXsd65oYJZp3Khz0qfyn
|
||||
=Nmpq
|
||||
-----END PGP MESSAGE-----
|
||||
'), 'wrong-key', 'debug=1');
|
||||
NOTICE: dbg: prefix_init: corrupt prefix
|
||||
NOTICE: dbg: parse_compressed_data: bzip2 unsupported
|
||||
NOTICE: dbg: mdcbuf_finish: bad MDC pkt hdr
|
||||
ERROR: Wrong key or corrupt data
|
||||
-- Routine use of BZip2 compression. Ciphertext source:
|
||||
-- echo x | gpg --homedir /nonexistent --personal-compress-preferences bzip2 \
|
||||
-- --personal-cipher-preferences aes --no-emit-version --batch \
|
||||
-- --symmetric --passphrase key --armor
|
||||
select pgp_sym_decrypt(dearmor('
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
jA0EBwMCRhFrAKNcLVJg0mMBLJG1cCASNk/x/3dt1zJ+2eo7jHfjgg3N6wpB3XIe
|
||||
QCwkWJwlBG5pzbO5gu7xuPQN+TbPJ7aQ2sLx3bAHhtYb0i3vV9RO10Gw++yUyd4R
|
||||
UCAAw2JRIISttRHMfDpDuZJpvYo=
|
||||
=AZ9M
|
||||
-----END PGP MESSAGE-----
|
||||
'), 'key', 'debug=1');
|
||||
NOTICE: dbg: parse_compressed_data: bzip2 unsupported
|
||||
ERROR: Unsupported compression algorithm
|
||||
@ -1,161 +0,0 @@
|
||||
--
|
||||
-- PGP encrypt
|
||||
--
|
||||
-- ensure consistent test output regardless of the default bytea format
|
||||
SET bytea_output TO escape;
|
||||
select pgp_sym_decrypt(pgp_sym_encrypt('Secret.', 'key'), 'key');
|
||||
ERROR: generating random data is not supported by this build
|
||||
DETAIL: This functionality requires a source of strong random numbers.
|
||||
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
|
||||
-- check whether the defaults are ok
|
||||
select pgp_sym_decrypt(pgp_sym_encrypt('Secret.', 'key'),
|
||||
'key', 'expect-cipher-algo=aes128,
|
||||
expect-disable-mdc=0,
|
||||
expect-sess-key=0,
|
||||
expect-s2k-mode=3,
|
||||
expect-s2k-digest-algo=sha1,
|
||||
expect-compress-algo=0
|
||||
');
|
||||
ERROR: generating random data is not supported by this build
|
||||
DETAIL: This functionality requires a source of strong random numbers.
|
||||
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
|
||||
-- maybe the expect- stuff simply does not work
|
||||
select pgp_sym_decrypt(pgp_sym_encrypt('Secret.', 'key'),
|
||||
'key', 'expect-cipher-algo=bf,
|
||||
expect-disable-mdc=1,
|
||||
expect-sess-key=1,
|
||||
expect-s2k-mode=0,
|
||||
expect-s2k-digest-algo=md5,
|
||||
expect-compress-algo=1
|
||||
');
|
||||
ERROR: generating random data is not supported by this build
|
||||
DETAIL: This functionality requires a source of strong random numbers.
|
||||
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
|
||||
-- bytea as text
|
||||
select pgp_sym_decrypt(pgp_sym_encrypt_bytea('Binary', 'baz'), 'baz');
|
||||
ERROR: generating random data is not supported by this build
|
||||
DETAIL: This functionality requires a source of strong random numbers.
|
||||
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
|
||||
-- text as bytea
|
||||
select pgp_sym_decrypt_bytea(pgp_sym_encrypt('Text', 'baz'), 'baz');
|
||||
ERROR: generating random data is not supported by this build
|
||||
DETAIL: This functionality requires a source of strong random numbers.
|
||||
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
|
||||
-- algorithm change
|
||||
select pgp_sym_decrypt(
|
||||
pgp_sym_encrypt('Secret.', 'key', 'cipher-algo=bf'),
|
||||
'key', 'expect-cipher-algo=bf');
|
||||
ERROR: generating random data is not supported by this build
|
||||
DETAIL: This functionality requires a source of strong random numbers.
|
||||
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
|
||||
select pgp_sym_decrypt(
|
||||
pgp_sym_encrypt('Secret.', 'key', 'cipher-algo=aes'),
|
||||
'key', 'expect-cipher-algo=aes128');
|
||||
ERROR: generating random data is not supported by this build
|
||||
DETAIL: This functionality requires a source of strong random numbers.
|
||||
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
|
||||
select pgp_sym_decrypt(
|
||||
pgp_sym_encrypt('Secret.', 'key', 'cipher-algo=aes192'),
|
||||
'key', 'expect-cipher-algo=aes192');
|
||||
ERROR: generating random data is not supported by this build
|
||||
DETAIL: This functionality requires a source of strong random numbers.
|
||||
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
|
||||
-- s2k change
|
||||
select pgp_sym_decrypt(
|
||||
pgp_sym_encrypt('Secret.', 'key', 's2k-mode=0'),
|
||||
'key', 'expect-s2k-mode=0');
|
||||
ERROR: generating random data is not supported by this build
|
||||
DETAIL: This functionality requires a source of strong random numbers.
|
||||
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
|
||||
select pgp_sym_decrypt(
|
||||
pgp_sym_encrypt('Secret.', 'key', 's2k-mode=1'),
|
||||
'key', 'expect-s2k-mode=1');
|
||||
ERROR: generating random data is not supported by this build
|
||||
DETAIL: This functionality requires a source of strong random numbers.
|
||||
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
|
||||
select pgp_sym_decrypt(
|
||||
pgp_sym_encrypt('Secret.', 'key', 's2k-mode=3'),
|
||||
'key', 'expect-s2k-mode=3');
|
||||
ERROR: generating random data is not supported by this build
|
||||
DETAIL: This functionality requires a source of strong random numbers.
|
||||
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
|
||||
-- s2k count change
|
||||
select pgp_sym_decrypt(
|
||||
pgp_sym_encrypt('Secret.', 'key', 's2k-count=1024'),
|
||||
'key', 'expect-s2k-count=1024');
|
||||
ERROR: generating random data is not supported by this build
|
||||
DETAIL: This functionality requires a source of strong random numbers.
|
||||
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
|
||||
-- s2k_count rounds up
|
||||
select pgp_sym_decrypt(
|
||||
pgp_sym_encrypt('Secret.', 'key', 's2k-count=65000000'),
|
||||
'key', 'expect-s2k-count=65000000');
|
||||
ERROR: generating random data is not supported by this build
|
||||
DETAIL: This functionality requires a source of strong random numbers.
|
||||
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
|
||||
-- s2k digest change
|
||||
select pgp_sym_decrypt(
|
||||
pgp_sym_encrypt('Secret.', 'key', 's2k-digest-algo=md5'),
|
||||
'key', 'expect-s2k-digest-algo=md5');
|
||||
ERROR: generating random data is not supported by this build
|
||||
DETAIL: This functionality requires a source of strong random numbers.
|
||||
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
|
||||
select pgp_sym_decrypt(
|
||||
pgp_sym_encrypt('Secret.', 'key', 's2k-digest-algo=sha1'),
|
||||
'key', 'expect-s2k-digest-algo=sha1');
|
||||
ERROR: generating random data is not supported by this build
|
||||
DETAIL: This functionality requires a source of strong random numbers.
|
||||
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
|
||||
-- sess key
|
||||
select pgp_sym_decrypt(
|
||||
pgp_sym_encrypt('Secret.', 'key', 'sess-key=0'),
|
||||
'key', 'expect-sess-key=0');
|
||||
ERROR: generating random data is not supported by this build
|
||||
DETAIL: This functionality requires a source of strong random numbers.
|
||||
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
|
||||
select pgp_sym_decrypt(
|
||||
pgp_sym_encrypt('Secret.', 'key', 'sess-key=1'),
|
||||
'key', 'expect-sess-key=1');
|
||||
ERROR: generating random data is not supported by this build
|
||||
DETAIL: This functionality requires a source of strong random numbers.
|
||||
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
|
||||
select pgp_sym_decrypt(
|
||||
pgp_sym_encrypt('Secret.', 'key', 'sess-key=1, cipher-algo=bf'),
|
||||
'key', 'expect-sess-key=1, expect-cipher-algo=bf');
|
||||
ERROR: generating random data is not supported by this build
|
||||
DETAIL: This functionality requires a source of strong random numbers.
|
||||
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
|
||||
select pgp_sym_decrypt(
|
||||
pgp_sym_encrypt('Secret.', 'key', 'sess-key=1, cipher-algo=aes192'),
|
||||
'key', 'expect-sess-key=1, expect-cipher-algo=aes192');
|
||||
ERROR: generating random data is not supported by this build
|
||||
DETAIL: This functionality requires a source of strong random numbers.
|
||||
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
|
||||
select pgp_sym_decrypt(
|
||||
pgp_sym_encrypt('Secret.', 'key', 'sess-key=1, cipher-algo=aes256'),
|
||||
'key', 'expect-sess-key=1, expect-cipher-algo=aes256');
|
||||
ERROR: generating random data is not supported by this build
|
||||
DETAIL: This functionality requires a source of strong random numbers.
|
||||
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
|
||||
-- no mdc
|
||||
select pgp_sym_decrypt(
|
||||
pgp_sym_encrypt('Secret.', 'key', 'disable-mdc=1'),
|
||||
'key', 'expect-disable-mdc=1');
|
||||
ERROR: generating random data is not supported by this build
|
||||
DETAIL: This functionality requires a source of strong random numbers.
|
||||
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
|
||||
-- crlf
|
||||
select encode(pgp_sym_decrypt_bytea(
|
||||
pgp_sym_encrypt(E'1\n2\n3\r\n', 'key', 'convert-crlf=1'),
|
||||
'key'), 'hex');
|
||||
ERROR: generating random data is not supported by this build
|
||||
DETAIL: This functionality requires a source of strong random numbers.
|
||||
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
|
||||
-- conversion should be lossless
|
||||
select encode(digest(pgp_sym_decrypt(
|
||||
pgp_sym_encrypt(E'\r\n0\n1\r\r\n\n2\r', 'key', 'convert-crlf=1'),
|
||||
'key', 'convert-crlf=1'), 'sha1'), 'hex') as result,
|
||||
encode(digest(E'\r\n0\n1\r\r\n\n2\r', 'sha1'), 'hex') as expect;
|
||||
ERROR: generating random data is not supported by this build
|
||||
DETAIL: This functionality requires a source of strong random numbers.
|
||||
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
|
||||
@ -1,62 +0,0 @@
|
||||
--
|
||||
-- PGP Public Key Encryption
|
||||
--
|
||||
-- ensure consistent test output regardless of the default bytea format
|
||||
SET bytea_output TO escape;
|
||||
-- successful encrypt/decrypt
|
||||
select pgp_pub_decrypt(
|
||||
pgp_pub_encrypt('Secret msg', dearmor(pubkey)),
|
||||
dearmor(seckey))
|
||||
from keytbl where keytbl.id=1;
|
||||
ERROR: generating random data is not supported by this build
|
||||
DETAIL: This functionality requires a source of strong random numbers.
|
||||
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
|
||||
select pgp_pub_decrypt(
|
||||
pgp_pub_encrypt('Secret msg', dearmor(pubkey)),
|
||||
dearmor(seckey))
|
||||
from keytbl where keytbl.id=2;
|
||||
ERROR: generating random data is not supported by this build
|
||||
DETAIL: This functionality requires a source of strong random numbers.
|
||||
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
|
||||
select pgp_pub_decrypt(
|
||||
pgp_pub_encrypt('Secret msg', dearmor(pubkey)),
|
||||
dearmor(seckey))
|
||||
from keytbl where keytbl.id=3;
|
||||
ERROR: generating random data is not supported by this build
|
||||
DETAIL: This functionality requires a source of strong random numbers.
|
||||
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
|
||||
select pgp_pub_decrypt(
|
||||
pgp_pub_encrypt('Secret msg', dearmor(pubkey)),
|
||||
dearmor(seckey))
|
||||
from keytbl where keytbl.id=6;
|
||||
ERROR: generating random data is not supported by this build
|
||||
DETAIL: This functionality requires a source of strong random numbers.
|
||||
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
|
||||
-- try with rsa-sign only
|
||||
select pgp_pub_decrypt(
|
||||
pgp_pub_encrypt('Secret msg', dearmor(pubkey)),
|
||||
dearmor(seckey))
|
||||
from keytbl where keytbl.id=4;
|
||||
ERROR: No encryption key found
|
||||
-- try with secret key
|
||||
select pgp_pub_decrypt(
|
||||
pgp_pub_encrypt('Secret msg', dearmor(seckey)),
|
||||
dearmor(seckey))
|
||||
from keytbl where keytbl.id=1;
|
||||
ERROR: Refusing to encrypt with secret key
|
||||
-- does text-to-bytea works
|
||||
select pgp_pub_decrypt_bytea(
|
||||
pgp_pub_encrypt('Secret msg', dearmor(pubkey)),
|
||||
dearmor(seckey))
|
||||
from keytbl where keytbl.id=1;
|
||||
ERROR: generating random data is not supported by this build
|
||||
DETAIL: This functionality requires a source of strong random numbers.
|
||||
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
|
||||
-- and bytea-to-text?
|
||||
select pgp_pub_decrypt(
|
||||
pgp_pub_encrypt_bytea('Secret msg', dearmor(pubkey)),
|
||||
dearmor(seckey))
|
||||
from keytbl where keytbl.id=1;
|
||||
ERROR: generating random data is not supported by this build
|
||||
DETAIL: This functionality requires a source of strong random numbers.
|
||||
HINT: You need to rebuild PostgreSQL using --enable-strong-random.
|
||||
@ -34,7 +34,6 @@
|
||||
#include <ctype.h>
|
||||
|
||||
#include "parser/scansup.h"
|
||||
#include "utils/backend_random.h"
|
||||
#include "utils/builtins.h"
|
||||
#include "utils/uuid.h"
|
||||
|
||||
@ -423,7 +422,6 @@ PG_FUNCTION_INFO_V1(pg_random_bytes);
|
||||
Datum
|
||||
pg_random_bytes(PG_FUNCTION_ARGS)
|
||||
{
|
||||
#ifdef HAVE_STRONG_RANDOM
|
||||
int len = PG_GETARG_INT32(0);
|
||||
bytea *res;
|
||||
|
||||
@ -440,9 +438,6 @@ pg_random_bytes(PG_FUNCTION_ARGS)
|
||||
px_THROW_ERROR(PXE_NO_RANDOM);
|
||||
|
||||
PG_RETURN_BYTEA_P(res);
|
||||
#else
|
||||
px_THROW_ERROR(PXE_NO_RANDOM);
|
||||
#endif
|
||||
}
|
||||
|
||||
/* SQL function: gen_random_uuid() returns uuid */
|
||||
@ -451,11 +446,10 @@ PG_FUNCTION_INFO_V1(pg_random_uuid);
|
||||
Datum
|
||||
pg_random_uuid(PG_FUNCTION_ARGS)
|
||||
{
|
||||
#ifdef HAVE_STRONG_RANDOM
|
||||
uint8 *buf = (uint8 *) palloc(UUID_LEN);
|
||||
|
||||
/* Generate random bits. */
|
||||
if (!pg_backend_random((char *) buf, UUID_LEN))
|
||||
if (!pg_strong_random(buf, UUID_LEN))
|
||||
px_THROW_ERROR(PXE_NO_RANDOM);
|
||||
|
||||
/*
|
||||
@ -466,9 +460,6 @@ pg_random_uuid(PG_FUNCTION_ARGS)
|
||||
buf[8] = (buf[8] & 0x3f) | 0x80; /* "variant" field */
|
||||
|
||||
PG_RETURN_UUID_P((pg_uuid_t *) buf);
|
||||
#else
|
||||
px_THROW_ERROR(PXE_NO_RANDOM);
|
||||
#endif
|
||||
}
|
||||
|
||||
static void *
|
||||
|
||||
@ -37,8 +37,6 @@
|
||||
#include "px.h"
|
||||
#include "pgp.h"
|
||||
|
||||
#include "utils/backend_random.h"
|
||||
|
||||
|
||||
#define MDC_DIGEST_LEN 20
|
||||
#define STREAM_ID 0xE0
|
||||
@ -481,13 +479,12 @@ init_encdata_packet(PushFilter **pf_res, PGP_Context *ctx, PushFilter *dst)
|
||||
static int
|
||||
write_prefix(PGP_Context *ctx, PushFilter *dst)
|
||||
{
|
||||
#ifdef HAVE_STRONG_RANDOM
|
||||
uint8 prefix[PGP_MAX_BLOCK + 2];
|
||||
int res,
|
||||
bs;
|
||||
|
||||
bs = pgp_get_cipher_block_size(ctx->cipher_algo);
|
||||
if (!pg_backend_random((char *) prefix, bs))
|
||||
if (!pg_strong_random(prefix, bs))
|
||||
return PXE_NO_RANDOM;
|
||||
|
||||
prefix[bs + 0] = prefix[bs - 2];
|
||||
@ -496,9 +493,6 @@ write_prefix(PGP_Context *ctx, PushFilter *dst)
|
||||
res = pushf_write(dst, prefix, bs + 2);
|
||||
px_memset(prefix, 0, bs + 2);
|
||||
return res < 0 ? res : 0;
|
||||
#else
|
||||
return PXE_NO_RANDOM;
|
||||
#endif
|
||||
}
|
||||
|
||||
/*
|
||||
@ -587,13 +581,9 @@ init_sess_key(PGP_Context *ctx)
|
||||
{
|
||||
if (ctx->use_sess_key || ctx->pub_key)
|
||||
{
|
||||
#ifdef HAVE_STRONG_RANDOM
|
||||
ctx->sess_key_len = pgp_get_cipher_key_size(ctx->cipher_algo);
|
||||
if (!pg_strong_random((char *) ctx->sess_key, ctx->sess_key_len))
|
||||
if (!pg_strong_random(ctx->sess_key, ctx->sess_key_len))
|
||||
return PXE_NO_RANDOM;
|
||||
#else
|
||||
return PXE_NO_RANDOM;
|
||||
#endif
|
||||
}
|
||||
else
|
||||
{
|
||||
|
||||
@ -57,13 +57,12 @@ mp_clear_free(mpz_t *a)
|
||||
static int
|
||||
mp_px_rand(uint32 bits, mpz_t *res)
|
||||
{
|
||||
#ifdef HAVE_STRONG_RANDOM
|
||||
unsigned bytes = (bits + 7) / 8;
|
||||
int last_bits = bits & 7;
|
||||
uint8 *buf;
|
||||
|
||||
buf = px_alloc(bytes);
|
||||
if (!pg_strong_random((char *) buf, bytes))
|
||||
if (!pg_strong_random(buf, bytes))
|
||||
{
|
||||
px_free(buf);
|
||||
return PXE_NO_RANDOM;
|
||||
@ -83,9 +82,6 @@ mp_px_rand(uint32 bits, mpz_t *res)
|
||||
px_free(buf);
|
||||
|
||||
return 0;
|
||||
#else
|
||||
return PXE_NO_RANDOM;
|
||||
#endif
|
||||
}
|
||||
|
||||
static void
|
||||
|
||||
@ -39,7 +39,6 @@
|
||||
static int
|
||||
pad_eme_pkcs1_v15(uint8 *data, int data_len, int res_len, uint8 **res_p)
|
||||
{
|
||||
#ifdef HAVE_STRONG_RANDOM
|
||||
uint8 *buf,
|
||||
*p;
|
||||
int pad_len = res_len - 2 - data_len;
|
||||
@ -50,7 +49,7 @@ pad_eme_pkcs1_v15(uint8 *data, int data_len, int res_len, uint8 **res_p)
|
||||
buf = px_alloc(res_len);
|
||||
buf[0] = 0x02;
|
||||
|
||||
if (!pg_strong_random((char *) buf + 1, pad_len))
|
||||
if (!pg_strong_random(buf + 1, pad_len))
|
||||
{
|
||||
px_free(buf);
|
||||
return PXE_NO_RANDOM;
|
||||
@ -62,7 +61,7 @@ pad_eme_pkcs1_v15(uint8 *data, int data_len, int res_len, uint8 **res_p)
|
||||
{
|
||||
if (*p == 0)
|
||||
{
|
||||
if (!pg_strong_random((char *) p, 1))
|
||||
if (!pg_strong_random(p, 1))
|
||||
{
|
||||
px_memset(buf, 0, res_len);
|
||||
px_free(buf);
|
||||
@ -78,10 +77,6 @@ pad_eme_pkcs1_v15(uint8 *data, int data_len, int res_len, uint8 **res_p)
|
||||
*res_p = buf;
|
||||
|
||||
return 0;
|
||||
|
||||
#else
|
||||
return PXE_NO_RANDOM;
|
||||
#endif
|
||||
}
|
||||
|
||||
static int
|
||||
|
||||
@ -34,7 +34,6 @@
|
||||
#include "px.h"
|
||||
#include "pgp.h"
|
||||
|
||||
#include "utils/backend_random.h"
|
||||
|
||||
static int
|
||||
calc_s2k_simple(PGP_S2K *s2k, PX_MD *md, const uint8 *key,
|
||||
@ -235,13 +234,13 @@ pgp_s2k_fill(PGP_S2K *s2k, int mode, int digest_algo, int count)
|
||||
case PGP_S2K_SIMPLE:
|
||||
break;
|
||||
case PGP_S2K_SALTED:
|
||||
if (!pg_backend_random((char *) s2k->salt, PGP_S2K_SALT))
|
||||
if (!pg_strong_random(s2k->salt, PGP_S2K_SALT))
|
||||
return PXE_NO_RANDOM;
|
||||
break;
|
||||
case PGP_S2K_ISALTED:
|
||||
if (!pg_backend_random((char *) s2k->salt, PGP_S2K_SALT))
|
||||
if (!pg_strong_random(s2k->salt, PGP_S2K_SALT))
|
||||
return PXE_NO_RANDOM;
|
||||
if (!pg_backend_random((char *) &tmp, 1))
|
||||
if (!pg_strong_random(&tmp, 1))
|
||||
return PXE_NO_RANDOM;
|
||||
s2k->iter = decide_s2k_iter(tmp, count);
|
||||
break;
|
||||
|
||||
@ -34,7 +34,6 @@
|
||||
#include "px.h"
|
||||
#include "px-crypt.h"
|
||||
|
||||
#include "utils/backend_random.h"
|
||||
|
||||
static char *
|
||||
run_crypt_des(const char *psw, const char *salt,
|
||||
@ -153,7 +152,7 @@ px_gen_salt(const char *salt_type, char *buf, int rounds)
|
||||
return PXE_BAD_SALT_ROUNDS;
|
||||
}
|
||||
|
||||
if (!pg_backend_random(rbuf, g->input_len))
|
||||
if (!pg_strong_random(rbuf, g->input_len))
|
||||
return PXE_NO_RANDOM;
|
||||
|
||||
p = g->gen(rounds, rbuf, g->input_len, buf, PX_MAX_SALT_LEN);
|
||||
|
||||
@ -56,7 +56,7 @@ static const struct error_desc px_err_list[] = {
|
||||
{PXE_UNKNOWN_SALT_ALGO, "Unknown salt algorithm"},
|
||||
{PXE_BAD_SALT_ROUNDS, "Incorrect number of rounds"},
|
||||
{PXE_MCRYPT_INTERNAL, "mcrypt internal error"},
|
||||
{PXE_NO_RANDOM, "No strong random source"},
|
||||
{PXE_NO_RANDOM, "Failed to generate strong random bits"},
|
||||
{PXE_DECRYPT_FAILED, "Decryption failed"},
|
||||
{PXE_PGP_CORRUPT_DATA, "Wrong key or corrupt data"},
|
||||
{PXE_PGP_CORRUPT_ARMOR, "Corrupt ascii-armor"},
|
||||
@ -97,17 +97,9 @@ px_THROW_ERROR(int err)
|
||||
{
|
||||
if (err == PXE_NO_RANDOM)
|
||||
{
|
||||
#ifdef HAVE_STRONG_RANDOM
|
||||
ereport(ERROR,
|
||||
(errcode(ERRCODE_INTERNAL_ERROR),
|
||||
errmsg("could not generate a random number")));
|
||||
#else
|
||||
ereport(ERROR,
|
||||
(errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
|
||||
errmsg("generating random data is not supported by this build"),
|
||||
errdetail("This functionality requires a source of strong random numbers."),
|
||||
errhint("You need to rebuild PostgreSQL using --enable-strong-random.")));
|
||||
#endif
|
||||
}
|
||||
else
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user